diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 5d6f11de..220616f7 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -36,11 +36,12 @@ jobs:
       matrix:
         include:
           - container: ghcr.io/oca/oca-ci/py3.10-ocb16.0:latest
-            include: "stock_owner_restriction,mrp_stock_owner_restriction,purchase_order_owner,mrp_subcontracting_owner"
+            # sales_team_security: incompatible with auditlog (for some reason)
+            include: "stock_owner_restriction,mrp_stock_owner_restriction,purchase_order_owner,mrp_subcontracting_owner,sales_team_security"
             name: test with OCB
             makepot: "false"
           - container: ghcr.io/oca/oca-ci/py3.10-ocb16.0:latest
-            exclude: "stock_owner_restriction,mrp_stock_owner_restriction,purchase_order_owner,mrp_subcontracting_owner"
+            exclude: "stock_owner_restriction,mrp_stock_owner_restriction,purchase_order_owner,mrp_subcontracting_owner,sales_team_security"
             name: test with OCB
             makepot: "false"
     services:
diff --git a/sales_team_security/README.rst b/sales_team_security/README.rst
new file mode 100644
index 00000000..0e1cc241
--- /dev/null
+++ b/sales_team_security/README.rst
@@ -0,0 +1,151 @@
+===============================================
+Sales documents permissions by channels (teams)
+===============================================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:709c291e03000ac05c6e8f97900c31cb7ec9adfded256ce6bfabf6a62d20dd03
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Production%2FStable-green.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Production/Stable
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fsale--workflow-lightgray.png?logo=github
+    :target: https://github.com/OCA/sale-workflow/tree/16.0/sales_team_security
+    :alt: OCA/sale-workflow
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/sale-workflow-16-0/sale-workflow-16-0-sales_team_security
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/sale-workflow&target_branch=16.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This module adds a new "Sale" group called "User: Team documents", that
+includes the proper permissions for showing only the information related to
+that user sale team (having assigned that team/channel or no team at all,
+independently from the assigned salesman):
+
+* Contacts.
+* Quotations/Sales Orders (implemented in sales_team_security_sale)
+* Leads/Opportunities (implemented in sales_team_security_crm)
+
+It also handles the propagation of the sales team from commercial partners to
+the contacts, which standard doesn't do.
+
+It also handles the sync (auto-creation and remove) of followers in company partners
+and childs of them according to salesmans. Any example about it:
+- Partner company > Salesman: Admin
+- Partner company, Contact 1 > Without salesman
+- Partner company, Contact 2 > Salesman: Demo
+All these partners have these followers: Admin + Demo
+
+And finally, there are rules for partners to be restricted to the own ones for
+the group "User: Own Documents Only" for being coherent with the permission
+scheme. Someone with this permission will see:
+
+- Contacts without salesman nor team assigned.
+- Contacts without salesman assigned, but the same team.
+- Contacts with them as salesman, independently from the team.
+- Contacts with them as follower.
+
+For keeping consistent accesses, followers of the main and shipping/invoice
+contacts are synced according the salesman of the children contacts
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Installation
+============
+
+At installation time, this module sets in all the contacts that have the sales
+team empty the sales team of the parent, and sync followers in parent contacts
+and invoice/shipping addresses. If you have a lot of contacts, this
+operation can take a while.
+
+Configuration
+=============
+
+#. Go to *Configuration > Users & Companies > Users*.
+#. Open or create a user.
+#. On the section "Sale", select "User: Team documents".
+
+Known issues / Roadmap
+======================
+
+* This module modifies sales security groups hierarchy, so any other module
+  doing something similar might conflict with this one.
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/sale-workflow/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/sale-workflow/issues/new?body=module:%20sales_team_security%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Tecnativa
+
+Contributors
+~~~~~~~~~~~~
+
+* `Tecnativa <https://www.tecnativa.com>`__:
+
+  * Pedro M. Baeza
+  * Víctor Martínez
+  * César A. Sánchez
+
+* `Guadaltech <https://www.guadaltech.es>`__:
+
+  * Ramón Bajona
+
+* Iván Todorovich <ivan.todorovich@gmail.com>
+
+* `Pesol <https://www.pesol.es>`__:
+
+  * Jonathan Oscategui Taza <info@pesol.es>
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+.. |maintainer-pedrobaeza| image:: https://github.com/pedrobaeza.png?size=40px
+    :target: https://github.com/pedrobaeza
+    :alt: pedrobaeza
+.. |maintainer-ivantodorovich| image:: https://github.com/ivantodorovich.png?size=40px
+    :target: https://github.com/ivantodorovich
+    :alt: ivantodorovich
+
+Current `maintainers <https://odoo-community.org/page/maintainer-role>`__:
+
+|maintainer-pedrobaeza| |maintainer-ivantodorovich| 
+
+This module is part of the `OCA/sale-workflow <https://github.com/OCA/sale-workflow/tree/16.0/sales_team_security>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/sales_team_security/__init__.py b/sales_team_security/__init__.py
new file mode 100644
index 00000000..030d9698
--- /dev/null
+++ b/sales_team_security/__init__.py
@@ -0,0 +1,4 @@
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import models
+from .hooks import post_init_hook, uninstall_hook
diff --git a/sales_team_security/__manifest__.py b/sales_team_security/__manifest__.py
new file mode 100644
index 00000000..20debdb1
--- /dev/null
+++ b/sales_team_security/__manifest__.py
@@ -0,0 +1,19 @@
+# Copyright 2016-2020 Tecnativa - Pedro M. Baeza
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+{
+    "name": "Sales documents permissions by channels (teams)",
+    "summary": "New group for seeing only sales channel's documents",
+    "version": "16.0.1.0.0",
+    "category": "Sales",
+    "website": "https://github.com/OCA/sale-workflow",
+    "author": "Tecnativa, Odoo Community Association (OCA)",
+    "license": "AGPL-3",
+    "installable": True,
+    "development_status": "Production/Stable",
+    "maintainers": ["pedrobaeza", "ivantodorovich"],
+    "depends": ["sales_team"],
+    "data": ["security/sales_team_security.xml", "views/res_partner_view.xml"],
+    "post_init_hook": "post_init_hook",
+    "uninstall_hook": "uninstall_hook",
+}
diff --git a/sales_team_security/hooks.py b/sales_team_security/hooks.py
new file mode 100644
index 00000000..17cc5cbe
--- /dev/null
+++ b/sales_team_security/hooks.py
@@ -0,0 +1,46 @@
+# Copyright 2018-2016 Tecnativa - Pedro M. Baeza
+# Copyright 2020 - Iván Todorovich
+# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html
+
+from odoo import SUPERUSER_ID, api
+
+
+def post_init_hook(cr, registry):
+    """At installation time, propagate the parent sales team to the children
+    contacts that have this field empty, as it's supposed that the intention
+    is to have the same.
+    """
+    cr.execute(
+        """UPDATE res_partner
+        SET team_id=parent.team_id
+        FROM res_partner AS parent
+        WHERE parent.team_id IS NOT NULL
+        AND res_partner.parent_id = parent.id
+        AND res_partner.team_id IS NULL"""
+    )
+
+
+def uninstall_hook(cr, registry):  # pragma: no cover
+    """At uninstall, revert changes made to record rules"""
+    with api.Environment.manage():
+        env = api.Environment(cr, SUPERUSER_ID, {})
+        env.ref("sales_team.group_sale_salesman_all_leads").write(
+            {
+                "implied_ids": [
+                    (6, 0, [env.ref("sales_team.group_sale_salesman").id]),
+                ],
+            }
+        )
+    # At installation time, we need to sync followers
+    with api.Environment.manage():
+        env = api.Environment(cr, SUPERUSER_ID, {})
+        partners = env["res.partner"].search(
+            [
+                ("parent_id", "=", False),
+                ("is_company", "=", True),
+                "|",
+                ("user_id", "!=", False),
+                ("child_ids.user_id", "!=", False),
+            ]
+        )
+        partners._add_followers_from_salesmans()
diff --git a/sales_team_security/i18n/es.po b/sales_team_security/i18n/es.po
new file mode 100644
index 00000000..8dbbccfe
--- /dev/null
+++ b/sales_team_security/i18n/es.po
@@ -0,0 +1,69 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* sales_team_security
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 15.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2022-06-28 21:00+0000\n"
+"PO-Revision-Date: 2022-06-28 21:00+0000\n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: sales_team_security
+#: model:ir.model,name:sales_team_security.model_res_partner
+msgid "Contact"
+msgstr "Contacto"
+
+#. module: sales_team_security
+#: model:ir.model.fields,help:sales_team_security.field_res_partner__team_id
+#: model:ir.model.fields,help:sales_team_security.field_res_users__team_id
+msgid ""
+"If set, this Sales Team will be used for sales and assignments related to "
+"this partner"
+msgstr ""
+"Si está configurado, este equipo de ventas será usado para las ventas y "
+"asignaciones relacionadas a este partner."
+
+#. module: sales_team_security
+#: model:ir.model,name:sales_team_security.model_ir_rule
+msgid "Record Rule"
+msgstr "Regla de registro"
+
+#. module: sales_team_security
+#: model:ir.model.fields,field_description:sales_team_security.field_res_partner__team_id
+#: model:ir.model.fields,field_description:sales_team_security.field_res_users__team_id
+msgid "Sales Team"
+msgstr "Equipo de ventas"
+
+#. module: sales_team_security
+#: model:ir.model.fields,field_description:sales_team_security.field_res_partner__user_id
+#: model:ir.model.fields,field_description:sales_team_security.field_res_users__user_id
+msgid "Salesperson"
+msgstr "Comercial"
+
+#. module: sales_team_security
+#: model:ir.model.fields,help:sales_team_security.field_res_partner__user_id
+#: model:ir.model.fields,help:sales_team_security.field_res_users__user_id
+msgid "The internal user in charge of this contact."
+msgstr "El usuario interno a cargo de este contacto."
+
+#. module: sales_team_security
+#: model:res.groups,comment:sales_team_security.group_sale_team_manager
+msgid ""
+"The user will have an access to the documents of the sales teams he/she "
+"belongs to."
+msgstr ""
+"El usuario tendrá acceso a los documentos de los equipos comerciales a los "
+"que pertenece."
+
+#. module: sales_team_security
+#: model:res.groups,name:sales_team_security.group_sale_team_manager
+msgid "User: Team Documents Only"
+msgstr "Usuario: Solo documentos del equipo"
diff --git a/sales_team_security/i18n/it.po b/sales_team_security/i18n/it.po
new file mode 100644
index 00000000..8ff77d64
--- /dev/null
+++ b/sales_team_security/i18n/it.po
@@ -0,0 +1,69 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* sales_team_security
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 15.0\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2022-06-28 21:01+0000\n"
+"PO-Revision-Date: 2023-12-12 11:01+0000\n"
+"Last-Translator: mymage <stefano.consolaro@mymage.it>\n"
+"Language-Team: \n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: nplurals=2; plural=n != 1;\n"
+"X-Generator: Weblate 4.17\n"
+
+#. module: sales_team_security
+#: model:ir.model,name:sales_team_security.model_res_partner
+msgid "Contact"
+msgstr "Contatto"
+
+#. module: sales_team_security
+#: model:ir.model.fields,help:sales_team_security.field_res_partner__team_id
+#: model:ir.model.fields,help:sales_team_security.field_res_users__team_id
+msgid ""
+"If set, this Sales Team will be used for sales and assignments related to "
+"this partner"
+msgstr ""
+"Se impostato, il team di vendita viene utilizzato per vendite e assegnazioni "
+"correlate al partner"
+
+#. module: sales_team_security
+#: model:ir.model,name:sales_team_security.model_ir_rule
+msgid "Record Rule"
+msgstr "Regola su record"
+
+#. module: sales_team_security
+#: model:ir.model.fields,field_description:sales_team_security.field_res_partner__team_id
+#: model:ir.model.fields,field_description:sales_team_security.field_res_users__team_id
+msgid "Sales Team"
+msgstr "Team di vendita"
+
+#. module: sales_team_security
+#: model:ir.model.fields,field_description:sales_team_security.field_res_partner__user_id
+#: model:ir.model.fields,field_description:sales_team_security.field_res_users__user_id
+msgid "Salesperson"
+msgstr "Addetto vendite"
+
+#. module: sales_team_security
+#: model:ir.model.fields,help:sales_team_security.field_res_partner__user_id
+#: model:ir.model.fields,help:sales_team_security.field_res_users__user_id
+msgid "The internal user in charge of this contact."
+msgstr "L'utente interno responsabile di questo contatto."
+
+#. module: sales_team_security
+#: model:res.groups,comment:sales_team_security.group_sale_team_manager
+msgid ""
+"The user will have an access to the documents of the sales teams he/she "
+"belongs to."
+msgstr ""
+"L'utente avrà accesso ai documenti del team di vendita a cui appartiene."
+
+#. module: sales_team_security
+#: model:res.groups,name:sales_team_security.group_sale_team_manager
+msgid "User: Team Documents Only"
+msgstr "Utente: solo documenti del team"
diff --git a/sales_team_security/i18n/sales_team_security.pot b/sales_team_security/i18n/sales_team_security.pot
new file mode 100644
index 00000000..2c927dba
--- /dev/null
+++ b/sales_team_security/i18n/sales_team_security.pot
@@ -0,0 +1,62 @@
+# Translation of Odoo Server.
+# This file contains the translation of the following modules:
+# 	* sales_team_security
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: Odoo Server 16.0\n"
+"Report-Msgid-Bugs-To: \n"
+"Last-Translator: \n"
+"Language-Team: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: \n"
+"Plural-Forms: \n"
+
+#. module: sales_team_security
+#: model:ir.model,name:sales_team_security.model_res_partner
+msgid "Contact"
+msgstr ""
+
+#. module: sales_team_security
+#: model:ir.model.fields,help:sales_team_security.field_res_partner__team_id
+#: model:ir.model.fields,help:sales_team_security.field_res_users__team_id
+msgid ""
+"If set, this Sales Team will be used for sales and assignments related to "
+"this partner"
+msgstr ""
+
+#. module: sales_team_security
+#: model:ir.model,name:sales_team_security.model_ir_rule
+msgid "Record Rule"
+msgstr ""
+
+#. module: sales_team_security
+#: model:ir.model.fields,field_description:sales_team_security.field_res_partner__team_id
+#: model:ir.model.fields,field_description:sales_team_security.field_res_users__team_id
+msgid "Sales Team"
+msgstr ""
+
+#. module: sales_team_security
+#: model:ir.model.fields,field_description:sales_team_security.field_res_partner__user_id
+#: model:ir.model.fields,field_description:sales_team_security.field_res_users__user_id
+msgid "Salesperson"
+msgstr ""
+
+#. module: sales_team_security
+#: model:ir.model.fields,help:sales_team_security.field_res_partner__user_id
+#: model:ir.model.fields,help:sales_team_security.field_res_users__user_id
+msgid "The internal user in charge of this contact."
+msgstr ""
+
+#. module: sales_team_security
+#: model:res.groups,comment:sales_team_security.group_sale_team_manager
+msgid ""
+"The user will have an access to the documents of the sales teams he/she "
+"belongs to."
+msgstr ""
+
+#. module: sales_team_security
+#: model:res.groups,name:sales_team_security.group_sale_team_manager
+msgid "User: Team Documents Only"
+msgstr ""
diff --git a/sales_team_security/models/__init__.py b/sales_team_security/models/__init__.py
new file mode 100644
index 00000000..eb10d8b1
--- /dev/null
+++ b/sales_team_security/models/__init__.py
@@ -0,0 +1,3 @@
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+from . import ir_rule
+from . import res_partner
diff --git a/sales_team_security/models/ir_rule.py b/sales_team_security/models/ir_rule.py
new file mode 100644
index 00000000..2644158c
--- /dev/null
+++ b/sales_team_security/models/ir_rule.py
@@ -0,0 +1,58 @@
+# Copyright 2020 Tecnativa - Pedro M. Baeza
+# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html
+
+from odoo import api, models, tools
+from odoo.osv import expression
+from odoo.tools import config
+
+
+class IrRule(models.Model):
+    _inherit = "ir.rule"
+
+    @api.model
+    @tools.conditional(
+        "xml" not in config["dev_mode"],
+        tools.ormcache(
+            "self.env.uid",
+            "self.env.su",
+            "model_name",
+            "mode",
+            "tuple(self._compute_domain_context_values())",
+        ),
+    )
+    def _compute_domain(self, model_name, mode="read"):
+        """Inject extra domain for restricting partners when the user
+        has the group 'Sales / User: Own Documents Only'.
+        """
+        res = super()._compute_domain(model_name, mode=mode)
+        user = self.env.user
+        group1 = "sales_team.group_sale_salesman"
+        group2 = "sales_team_security.group_sale_team_manager"
+        group3 = "sales_team.group_sale_salesman_all_leads"
+        if model_name == "res.partner" and not self.env.su:
+            if user.has_group(group1) and not user.has_group(group3):
+                extra_domain = [
+                    "|",
+                    ("message_partner_ids", "in", user.partner_id.ids),
+                    "|",
+                    ("id", "=", user.partner_id.id),
+                ]
+                if user.has_group(group2):
+                    extra_domain += [
+                        "|",
+                        ("team_id", "=", user.sale_team_id.id),
+                        ("team_id", "=", False),
+                    ]
+                else:
+                    extra_domain += [
+                        "|",
+                        ("user_id", "=", user.id),
+                        "&",
+                        ("user_id", "=", False),
+                        "|",
+                        ("team_id", "=", False),
+                        ("team_id", "=", user.sale_team_id.id),
+                    ]
+                extra_domain = expression.normalize_domain(extra_domain)
+                res = expression.AND([extra_domain] + [res])
+        return res
diff --git a/sales_team_security/models/res_partner.py b/sales_team_security/models/res_partner.py
new file mode 100644
index 00000000..a3fb68a6
--- /dev/null
+++ b/sales_team_security/models/res_partner.py
@@ -0,0 +1,94 @@
+# Copyright 2016-2018 Tecnativa - Pedro M. Baeza
+# Copyright 2021 Tecnativa - Víctor Martínez
+# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html
+
+from lxml import etree
+
+from odoo import api, fields, models
+
+
+class ResPartner(models.Model):
+    _inherit = "res.partner"
+
+    # add indexes for better performance on record rules
+    user_id = fields.Many2one(index=True)
+    team_id = fields.Many2one(index=True)
+
+    @api.model
+    def get_view(self, view_id=None, view_type="form", **options):
+        """
+        Patch view to inject the default value for the team_id and user_id.
+        """
+        # FIXME: Use base_view_inheritance_extension when available
+        res = super().get_view(view_id, view_type, **options)
+        if view_type == "form":
+            eview = etree.fromstring(res["arch"])
+            xml_fields = eview.xpath("//field[@name='child_ids']")
+            if xml_fields:
+                context_str = (
+                    xml_fields[0]
+                    .get("context", "{}")
+                    .replace(
+                        "{",
+                        "{'default_team_id': team_id, 'default_user_id': user_id,",
+                        1,
+                    )
+                )
+                xml_fields[0].set("context", context_str)
+            res["arch"] = etree.tostring(eview)
+        return res
+
+    @api.onchange("parent_id")
+    def _onchange_parent_id_sales_team_security(self):
+        """If assigning a parent partner and the contact doesn't have
+        team or salesman, we put the parent's one (if any).
+        """
+        if self.parent_id and self.parent_id.team_id and not self.team_id:
+            self.team_id = self.parent_id.team_id.id
+        if self.parent_id and self.parent_id.user_id and not self.user_id:
+            self.user_id = self.parent_id.user_id.id
+
+    @api.onchange("user_id")
+    def _onchange_user_id_sales_team_security(self):
+        if self.user_id.sale_team_id:
+            self.team_id = self.user_id.sale_team_id
+
+    def _remove_key_followers(self, partner):
+        for record in self.mapped("commercial_partner_id"):
+            # Look for delivery and invoice addresses
+            childrens = record.child_ids.filtered(
+                lambda x: x.type in {"invoice", "delivery"}
+            )
+            (childrens + record).message_unsubscribe(partner_ids=partner.ids)
+
+    def _add_followers_from_salesmans(self):
+        """Sync followers in commercial partner + delivery/invoice contacts."""
+        for record in self.mapped("commercial_partner_id"):
+            followers = (record.child_ids + record).mapped("user_id.partner_id")
+            # Look for delivery and invoice addresses
+            childrens = record.child_ids.filtered(
+                lambda x: x.type in {"invoice", "delivery"}
+            )
+            (childrens + record).message_subscribe(partner_ids=followers.ids)
+
+    @api.model_create_multi
+    def create(self, vals_list):
+        """Sync followers on contact creation."""
+        records = super().create(vals_list)
+        records._add_followers_from_salesmans()
+        return records
+
+    def write(self, vals):
+        """If the salesman is changed, first remove the old salesman as follower
+        of the key contacts (commercial + delivery/invoice), and then sync for
+        the new ones.
+
+        It performs as well the followers sync on contact type change.
+        """
+        if "user_id" in vals:
+            for record in self.filtered("user_id"):
+                record._remove_key_followers(record.user_id.partner_id)
+        result = super().write(vals)
+        if "user_id" in vals or vals.get("type") in {"invoice", "delivery"}:
+            self._add_followers_from_salesmans()
+        return result
diff --git a/sales_team_security/readme/CONFIGURE.rst b/sales_team_security/readme/CONFIGURE.rst
new file mode 100644
index 00000000..eb17eca5
--- /dev/null
+++ b/sales_team_security/readme/CONFIGURE.rst
@@ -0,0 +1,3 @@
+#. Go to *Configuration > Users & Companies > Users*.
+#. Open or create a user.
+#. On the section "Sale", select "User: Team documents".
diff --git a/sales_team_security/readme/CONTRIBUTORS.rst b/sales_team_security/readme/CONTRIBUTORS.rst
new file mode 100644
index 00000000..8077b7f7
--- /dev/null
+++ b/sales_team_security/readme/CONTRIBUTORS.rst
@@ -0,0 +1,15 @@
+* `Tecnativa <https://www.tecnativa.com>`__:
+
+  * Pedro M. Baeza
+  * Víctor Martínez
+  * César A. Sánchez
+
+* `Guadaltech <https://www.guadaltech.es>`__:
+
+  * Ramón Bajona
+
+* Iván Todorovich <ivan.todorovich@gmail.com>
+
+* `Pesol <https://www.pesol.es>`__:
+
+  * Jonathan Oscategui Taza <info@pesol.es>
diff --git a/sales_team_security/readme/DESCRIPTION.rst b/sales_team_security/readme/DESCRIPTION.rst
new file mode 100644
index 00000000..72f44aae
--- /dev/null
+++ b/sales_team_security/readme/DESCRIPTION.rst
@@ -0,0 +1,30 @@
+This module adds a new "Sale" group called "User: Team documents", that
+includes the proper permissions for showing only the information related to
+that user sale team (having assigned that team/channel or no team at all,
+independently from the assigned salesman):
+
+* Contacts.
+* Quotations/Sales Orders (implemented in sales_team_security_sale)
+* Leads/Opportunities (implemented in sales_team_security_crm)
+
+It also handles the propagation of the sales team from commercial partners to
+the contacts, which standard doesn't do.
+
+It also handles the sync (auto-creation and remove) of followers in company partners
+and childs of them according to salesmans. Any example about it:
+- Partner company > Salesman: Admin
+- Partner company, Contact 1 > Without salesman
+- Partner company, Contact 2 > Salesman: Demo
+All these partners have these followers: Admin + Demo
+
+And finally, there are rules for partners to be restricted to the own ones for
+the group "User: Own Documents Only" for being coherent with the permission
+scheme. Someone with this permission will see:
+
+- Contacts without salesman nor team assigned.
+- Contacts without salesman assigned, but the same team.
+- Contacts with them as salesman, independently from the team.
+- Contacts with them as follower.
+
+For keeping consistent accesses, followers of the main and shipping/invoice
+contacts are synced according the salesman of the children contacts
diff --git a/sales_team_security/readme/INSTALL.rst b/sales_team_security/readme/INSTALL.rst
new file mode 100644
index 00000000..113b9671
--- /dev/null
+++ b/sales_team_security/readme/INSTALL.rst
@@ -0,0 +1,4 @@
+At installation time, this module sets in all the contacts that have the sales
+team empty the sales team of the parent, and sync followers in parent contacts
+and invoice/shipping addresses. If you have a lot of contacts, this
+operation can take a while.
diff --git a/sales_team_security/readme/ROADMAP.rst b/sales_team_security/readme/ROADMAP.rst
new file mode 100644
index 00000000..3f40e5bd
--- /dev/null
+++ b/sales_team_security/readme/ROADMAP.rst
@@ -0,0 +1,2 @@
+* This module modifies sales security groups hierarchy, so any other module
+  doing something similar might conflict with this one.
diff --git a/sales_team_security/security/sales_team_security.xml b/sales_team_security/security/sales_team_security.xml
new file mode 100644
index 00000000..01d532a4
--- /dev/null
+++ b/sales_team_security/security/sales_team_security.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo>
+
+    <record id="group_sale_team_manager" model="res.groups">
+        <field name="name">User: Team Documents Only</field>
+        <field
+            name="comment"
+        >The user will have an access to the documents of the sales teams he/she belongs to.</field>
+        <field name="category_id" ref="base.module_category_sales_sales" />
+        <field name="implied_ids" eval="[(4, ref('sales_team.group_sale_salesman'))]" />
+    </record>
+
+    <record id="sales_team.group_sale_salesman_all_leads" model="res.groups">
+        <field name="implied_ids" eval="[(6, 0, [ref('group_sale_team_manager')])]" />
+    </record>
+
+</odoo>
diff --git a/sales_team_security/static/description/icon.png b/sales_team_security/static/description/icon.png
new file mode 100644
index 00000000..3a0328b5
Binary files /dev/null and b/sales_team_security/static/description/icon.png differ
diff --git a/sales_team_security/static/description/index.html b/sales_team_security/static/description/index.html
new file mode 100644
index 00000000..71306a99
--- /dev/null
+++ b/sales_team_security/static/description/index.html
@@ -0,0 +1,489 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<meta name="generator" content="Docutils: https://docutils.sourceforge.io/" />
+<title>Sales documents permissions by channels (teams)</title>
+<style type="text/css">
+
+/*
+:Author: David Goodger (goodger@python.org)
+:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
+:Copyright: This stylesheet has been placed in the public domain.
+
+Default cascading style sheet for the HTML output of Docutils.
+
+See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
+customize this style sheet.
+*/
+
+/* used to remove borders from tables and images */
+.borderless, table.borderless td, table.borderless th {
+  border: 0 }
+
+table.borderless td, table.borderless th {
+  /* Override padding for "table.docutils td" with "! important".
+     The right padding separates the table cells. */
+  padding: 0 0.5em 0 0 ! important }
+
+.first {
+  /* Override more specific margin styles with "! important". */
+  margin-top: 0 ! important }
+
+.last, .with-subtitle {
+  margin-bottom: 0 ! important }
+
+.hidden {
+  display: none }
+
+.subscript {
+  vertical-align: sub;
+  font-size: smaller }
+
+.superscript {
+  vertical-align: super;
+  font-size: smaller }
+
+a.toc-backref {
+  text-decoration: none ;
+  color: black }
+
+blockquote.epigraph {
+  margin: 2em 5em ; }
+
+dl.docutils dd {
+  margin-bottom: 0.5em }
+
+object[type="image/svg+xml"], object[type="application/x-shockwave-flash"] {
+  overflow: hidden;
+}
+
+/* Uncomment (and remove this text!) to get bold-faced definition list terms
+dl.docutils dt {
+  font-weight: bold }
+*/
+
+div.abstract {
+  margin: 2em 5em }
+
+div.abstract p.topic-title {
+  font-weight: bold ;
+  text-align: center }
+
+div.admonition, div.attention, div.caution, div.danger, div.error,
+div.hint, div.important, div.note, div.tip, div.warning {
+  margin: 2em ;
+  border: medium outset ;
+  padding: 1em }
+
+div.admonition p.admonition-title, div.hint p.admonition-title,
+div.important p.admonition-title, div.note p.admonition-title,
+div.tip p.admonition-title {
+  font-weight: bold ;
+  font-family: sans-serif }
+
+div.attention p.admonition-title, div.caution p.admonition-title,
+div.danger p.admonition-title, div.error p.admonition-title,
+div.warning p.admonition-title, .code .error {
+  color: red ;
+  font-weight: bold ;
+  font-family: sans-serif }
+
+/* Uncomment (and remove this text!) to get reduced vertical space in
+   compound paragraphs.
+div.compound .compound-first, div.compound .compound-middle {
+  margin-bottom: 0.5em }
+
+div.compound .compound-last, div.compound .compound-middle {
+  margin-top: 0.5em }
+*/
+
+div.dedication {
+  margin: 2em 5em ;
+  text-align: center ;
+  font-style: italic }
+
+div.dedication p.topic-title {
+  font-weight: bold ;
+  font-style: normal }
+
+div.figure {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+div.footer, div.header {
+  clear: both;
+  font-size: smaller }
+
+div.line-block {
+  display: block ;
+  margin-top: 1em ;
+  margin-bottom: 1em }
+
+div.line-block div.line-block {
+  margin-top: 0 ;
+  margin-bottom: 0 ;
+  margin-left: 1.5em }
+
+div.sidebar {
+  margin: 0 0 0.5em 1em ;
+  border: medium outset ;
+  padding: 1em ;
+  background-color: #ffffee ;
+  width: 40% ;
+  float: right ;
+  clear: right }
+
+div.sidebar p.rubric {
+  font-family: sans-serif ;
+  font-size: medium }
+
+div.system-messages {
+  margin: 5em }
+
+div.system-messages h1 {
+  color: red }
+
+div.system-message {
+  border: medium outset ;
+  padding: 1em }
+
+div.system-message p.system-message-title {
+  color: red ;
+  font-weight: bold }
+
+div.topic {
+  margin: 2em }
+
+h1.section-subtitle, h2.section-subtitle, h3.section-subtitle,
+h4.section-subtitle, h5.section-subtitle, h6.section-subtitle {
+  margin-top: 0.4em }
+
+h1.title {
+  text-align: center }
+
+h2.subtitle {
+  text-align: center }
+
+hr.docutils {
+  width: 75% }
+
+img.align-left, .figure.align-left, object.align-left, table.align-left {
+  clear: left ;
+  float: left ;
+  margin-right: 1em }
+
+img.align-right, .figure.align-right, object.align-right, table.align-right {
+  clear: right ;
+  float: right ;
+  margin-left: 1em }
+
+img.align-center, .figure.align-center, object.align-center {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+table.align-center {
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.align-left {
+  text-align: left }
+
+.align-center {
+  clear: both ;
+  text-align: center }
+
+.align-right {
+  text-align: right }
+
+/* reset inner alignment in figures */
+div.align-right {
+  text-align: inherit }
+
+/* div.align-center * { */
+/*   text-align: left } */
+
+.align-top    {
+  vertical-align: top }
+
+.align-middle {
+  vertical-align: middle }
+
+.align-bottom {
+  vertical-align: bottom }
+
+ol.simple, ul.simple {
+  margin-bottom: 1em }
+
+ol.arabic {
+  list-style: decimal }
+
+ol.loweralpha {
+  list-style: lower-alpha }
+
+ol.upperalpha {
+  list-style: upper-alpha }
+
+ol.lowerroman {
+  list-style: lower-roman }
+
+ol.upperroman {
+  list-style: upper-roman }
+
+p.attribution {
+  text-align: right ;
+  margin-left: 50% }
+
+p.caption {
+  font-style: italic }
+
+p.credits {
+  font-style: italic ;
+  font-size: smaller }
+
+p.label {
+  white-space: nowrap }
+
+p.rubric {
+  font-weight: bold ;
+  font-size: larger ;
+  color: maroon ;
+  text-align: center }
+
+p.sidebar-title {
+  font-family: sans-serif ;
+  font-weight: bold ;
+  font-size: larger }
+
+p.sidebar-subtitle {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+p.topic-title {
+  font-weight: bold }
+
+pre.address {
+  margin-bottom: 0 ;
+  margin-top: 0 ;
+  font: inherit }
+
+pre.literal-block, pre.doctest-block, pre.math, pre.code {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+pre.code .ln { color: grey; } /* line numbers */
+pre.code, code { background-color: #eeeeee }
+pre.code .comment, code .comment { color: #5C6576 }
+pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
+pre.code .literal.string, code .literal.string { color: #0C5404 }
+pre.code .name.builtin, code .name.builtin { color: #352B84 }
+pre.code .deleted, code .deleted { background-color: #DEB0A1}
+pre.code .inserted, code .inserted { background-color: #A3D289}
+
+span.classifier {
+  font-family: sans-serif ;
+  font-style: oblique }
+
+span.classifier-delimiter {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+span.interpreted {
+  font-family: sans-serif }
+
+span.option {
+  white-space: nowrap }
+
+span.pre {
+  white-space: pre }
+
+span.problematic {
+  color: red }
+
+span.section-subtitle {
+  /* font-size relative to parent (h1..h6 element) */
+  font-size: 80% }
+
+table.citation {
+  border-left: solid 1px gray;
+  margin-left: 1px }
+
+table.docinfo {
+  margin: 2em 4em }
+
+table.docutils {
+  margin-top: 0.5em ;
+  margin-bottom: 0.5em }
+
+table.footnote {
+  border-left: solid 1px black;
+  margin-left: 1px }
+
+table.docutils td, table.docutils th,
+table.docinfo td, table.docinfo th {
+  padding-left: 0.5em ;
+  padding-right: 0.5em ;
+  vertical-align: top }
+
+table.docutils th.field-name, table.docinfo th.docinfo-name {
+  font-weight: bold ;
+  text-align: left ;
+  white-space: nowrap ;
+  padding-left: 0 }
+
+/* "booktabs" style (no vertical lines) */
+table.docutils.booktabs {
+  border: 0px;
+  border-top: 2px solid;
+  border-bottom: 2px solid;
+  border-collapse: collapse;
+}
+table.docutils.booktabs * {
+  border: 0px;
+}
+table.docutils.booktabs th {
+  border-bottom: thin solid;
+  text-align: left;
+}
+
+h1 tt.docutils, h2 tt.docutils, h3 tt.docutils,
+h4 tt.docutils, h5 tt.docutils, h6 tt.docutils {
+  font-size: 100% }
+
+ul.auto-toc {
+  list-style-type: none }
+
+</style>
+</head>
+<body>
+<div class="document" id="sales-documents-permissions-by-channels-teams">
+<h1 class="title">Sales documents permissions by channels (teams)</h1>
+
+<!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! This file is generated by oca-gen-addon-readme !!
+!! changes will be overwritten.                   !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! source digest: sha256:709c291e03000ac05c6e8f97900c31cb7ec9adfded256ce6bfabf6a62d20dd03
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
+<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Production/Stable" src="https://img.shields.io/badge/maturity-Production%2FStable-green.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/sale-workflow/tree/16.0/sales_team_security"><img alt="OCA/sale-workflow" src="https://img.shields.io/badge/github-OCA%2Fsale--workflow-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/sale-workflow-16-0/sale-workflow-16-0-sales_team_security"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/sale-workflow&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
+<p>This module adds a new “Sale” group called “User: Team documents”, that
+includes the proper permissions for showing only the information related to
+that user sale team (having assigned that team/channel or no team at all,
+independently from the assigned salesman):</p>
+<ul class="simple">
+<li>Contacts.</li>
+<li>Quotations/Sales Orders (implemented in sales_team_security_sale)</li>
+<li>Leads/Opportunities (implemented in sales_team_security_crm)</li>
+</ul>
+<p>It also handles the propagation of the sales team from commercial partners to
+the contacts, which standard doesn’t do.</p>
+<p>It also handles the sync (auto-creation and remove) of followers in company partners
+and childs of them according to salesmans. Any example about it:
+- Partner company &gt; Salesman: Admin
+- Partner company, Contact 1 &gt; Without salesman
+- Partner company, Contact 2 &gt; Salesman: Demo
+All these partners have these followers: Admin + Demo</p>
+<p>And finally, there are rules for partners to be restricted to the own ones for
+the group “User: Own Documents Only” for being coherent with the permission
+scheme. Someone with this permission will see:</p>
+<ul class="simple">
+<li>Contacts without salesman nor team assigned.</li>
+<li>Contacts without salesman assigned, but the same team.</li>
+<li>Contacts with them as salesman, independently from the team.</li>
+<li>Contacts with them as follower.</li>
+</ul>
+<p>For keeping consistent accesses, followers of the main and shipping/invoice
+contacts are synced according the salesman of the children contacts</p>
+<p><strong>Table of contents</strong></p>
+<div class="contents local topic" id="contents">
+<ul class="simple">
+<li><a class="reference internal" href="#installation" id="toc-entry-1">Installation</a></li>
+<li><a class="reference internal" href="#configuration" id="toc-entry-2">Configuration</a></li>
+<li><a class="reference internal" href="#known-issues-roadmap" id="toc-entry-3">Known issues / Roadmap</a></li>
+<li><a class="reference internal" href="#bug-tracker" id="toc-entry-4">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="toc-entry-5">Credits</a><ul>
+<li><a class="reference internal" href="#authors" id="toc-entry-6">Authors</a></li>
+<li><a class="reference internal" href="#contributors" id="toc-entry-7">Contributors</a></li>
+<li><a class="reference internal" href="#maintainers" id="toc-entry-8">Maintainers</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="section" id="installation">
+<h1><a class="toc-backref" href="#toc-entry-1">Installation</a></h1>
+<p>At installation time, this module sets in all the contacts that have the sales
+team empty the sales team of the parent, and sync followers in parent contacts
+and invoice/shipping addresses. If you have a lot of contacts, this
+operation can take a while.</p>
+</div>
+<div class="section" id="configuration">
+<h1><a class="toc-backref" href="#toc-entry-2">Configuration</a></h1>
+<ol class="arabic simple">
+<li>Go to <em>Configuration &gt; Users &amp; Companies &gt; Users</em>.</li>
+<li>Open or create a user.</li>
+<li>On the section “Sale”, select “User: Team documents”.</li>
+</ol>
+</div>
+<div class="section" id="known-issues-roadmap">
+<h1><a class="toc-backref" href="#toc-entry-3">Known issues / Roadmap</a></h1>
+<ul class="simple">
+<li>This module modifies sales security groups hierarchy, so any other module
+doing something similar might conflict with this one.</li>
+</ul>
+</div>
+<div class="section" id="bug-tracker">
+<h1><a class="toc-backref" href="#toc-entry-4">Bug Tracker</a></h1>
+<p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/sale-workflow/issues">GitHub Issues</a>.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+<a class="reference external" href="https://github.com/OCA/sale-workflow/issues/new?body=module:%20sales_team_security%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+<p>Do not contact contributors directly about support or help with technical issues.</p>
+</div>
+<div class="section" id="credits">
+<h1><a class="toc-backref" href="#toc-entry-5">Credits</a></h1>
+<div class="section" id="authors">
+<h2><a class="toc-backref" href="#toc-entry-6">Authors</a></h2>
+<ul class="simple">
+<li>Tecnativa</li>
+</ul>
+</div>
+<div class="section" id="contributors">
+<h2><a class="toc-backref" href="#toc-entry-7">Contributors</a></h2>
+<ul class="simple">
+<li><a class="reference external" href="https://www.tecnativa.com">Tecnativa</a>:<ul>
+<li>Pedro M. Baeza</li>
+<li>Víctor Martínez</li>
+<li>César A. Sánchez</li>
+</ul>
+</li>
+<li><a class="reference external" href="https://www.guadaltech.es">Guadaltech</a>:<ul>
+<li>Ramón Bajona</li>
+</ul>
+</li>
+<li>Iván Todorovich &lt;<a class="reference external" href="mailto:ivan.todorovich&#64;gmail.com">ivan.todorovich&#64;gmail.com</a>&gt;</li>
+<li><a class="reference external" href="https://www.pesol.es">Pesol</a>:<ul>
+<li>Jonathan Oscategui Taza &lt;<a class="reference external" href="mailto:info&#64;pesol.es">info&#64;pesol.es</a>&gt;</li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="section" id="maintainers">
+<h2><a class="toc-backref" href="#toc-entry-8">Maintainers</a></h2>
+<p>This module is maintained by the OCA.</p>
+<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
+<p>OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.</p>
+<p>Current <a class="reference external" href="https://odoo-community.org/page/maintainer-role">maintainers</a>:</p>
+<p><a class="reference external image-reference" href="https://github.com/pedrobaeza"><img alt="pedrobaeza" src="https://github.com/pedrobaeza.png?size=40px" /></a> <a class="reference external image-reference" href="https://github.com/ivantodorovich"><img alt="ivantodorovich" src="https://github.com/ivantodorovich.png?size=40px" /></a></p>
+<p>This module is part of the <a class="reference external" href="https://github.com/OCA/sale-workflow/tree/16.0/sales_team_security">OCA/sale-workflow</a> project on GitHub.</p>
+<p>You are welcome to contribute. To learn how please visit <a class="reference external" href="https://odoo-community.org/page/Contribute">https://odoo-community.org/page/Contribute</a>.</p>
+</div>
+</div>
+</div>
+</body>
+</html>
diff --git a/sales_team_security/tests/__init__.py b/sales_team_security/tests/__init__.py
new file mode 100644
index 00000000..9430eda6
--- /dev/null
+++ b/sales_team_security/tests/__init__.py
@@ -0,0 +1,3 @@
+# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
+
+from . import test_sales_team_security
diff --git a/sales_team_security/tests/common.py b/sales_team_security/tests/common.py
new file mode 100644
index 00000000..70aab444
--- /dev/null
+++ b/sales_team_security/tests/common.py
@@ -0,0 +1,125 @@
+# Copyright 2016-2020 Tecnativa - Pedro M. Baeza
+# Copyright 2021 Tecnativa - Víctor Martínez
+# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html
+
+from odoo.tests import common
+
+
+class TestCommon(common.TransactionCase):
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.team = cls.env["crm.team"].create({"name": "Test channel"})
+        cls.team2 = cls.env["crm.team"].create({"name": "Test channel 2"})
+        cls.user = cls.env["res.users"].create(
+            {
+                "login": "sales_team_security",
+                "name": "Test sales_team_security user",
+                "groups_id": [(4, cls.env.ref("sales_team.group_sale_salesman").id)],
+            }
+        )
+        cls.crm_team_member = cls.env["crm.team.member"].create(
+            {
+                "user_id": cls.user.id,
+                "crm_team_id": cls.team.id,
+            }
+        )
+        cls.partner = cls.env["res.partner"].create(
+            {"name": "Test partner", "team_id": cls.team.id}
+        )
+        cls.partner_child_1 = cls.env["res.partner"].create(
+            {"name": "Child 1", "parent_id": cls.partner.id}
+        )
+        cls.partner_child_2 = cls.env["res.partner"].create(
+            {"name": "Child 2", "parent_id": cls.partner.id, "type": "invoice"}
+        )
+        cls.partner2 = cls.env["res.partner"].create(
+            {"name": "Test partner 2", "user_id": cls.user.id}
+        )
+        cls.user2 = cls.env["res.users"].create(
+            {
+                "login": "sales_team_security2",
+                "name": "Test sales_team_security user 2",
+                "groups_id": [(4, cls.env.ref("sales_team.group_sale_salesman").id)],
+            }
+        )
+        cls.crm_team_member2 = cls.env["crm.team.member"].create(
+            {
+                "user_id": cls.user2.id,
+                "crm_team_id": cls.team.id,
+            }
+        )
+        cls.check_permission_subscribe = False
+
+    def _check_permission(self, salesman, team, expected):
+        self.record.write(
+            {
+                "user_id": salesman.id if salesman else salesman,
+                "team_id": team.id if team else team,
+            }
+        )
+        domain = [("id", "=", self.record.id)]
+        if (
+            self.check_permission_subscribe
+        ):  # Force unsubscription for not interfering with real test
+            self.record.message_subscribe(partner_ids=self.user.partner_id.ids)
+        else:
+            self.record.message_unsubscribe(partner_ids=self.user.partner_id.ids)
+        obj = self.env[self.record._name].with_user(self.user)
+        self.assertEqual(bool(obj.search(domain)), expected)
+
+    def _check_whole_permission_set(self, extra_checks=True):
+        self._check_permission(False, False, True)
+        self._check_permission(self.user, False, True)
+        self._check_permission(self.user2, False, False)
+        self._check_permission(False, self.team, True)
+        if extra_checks:
+            self._check_permission(False, self.team2, False)
+        self._check_permission(self.user, self.team, True)
+        self._check_permission(self.user, self.team2, True)
+        self._check_permission(self.user2, self.team2, False)
+        self._check_permission(self.user2, self.team, False)
+        # Add to group "Team manager"
+        self.user.groups_id = [
+            (4, self.env.ref("sales_team_security.group_sale_team_manager").id)
+        ]
+        self._check_permission(False, False, True)
+        self._check_permission(self.user, False, True)
+        self._check_permission(self.user2, False, True)
+        self._check_permission(False, self.team, True)
+        if extra_checks:
+            self._check_permission(False, self.team2, False)
+        self._check_permission(self.user, self.team, True)
+        if self.record._name == "res.partner":
+            self.check_permission_subscribe = True
+            self._check_permission(self.user, self.team2, True)
+            self.check_permission_subscribe = False
+        else:
+            self._check_permission(self.user, self.team2, True)
+        self._check_permission(self.user2, self.team2, False)
+        self._check_permission(self.user2, self.team, True)
+        # Add to group "See all leads"
+        self.user.groups_id = [
+            (4, self.env.ref("sales_team.group_sale_salesman_all_leads").id)
+        ]
+        self._check_permission(False, False, True)
+        self._check_permission(self.user, False, True)
+        self._check_permission(self.user2, False, True)
+        self._check_permission(False, self.team, True)
+        self._check_permission(False, self.team2, True)
+        self._check_permission(self.user, self.team, True)
+        self._check_permission(self.user, self.team2, True)
+        self._check_permission(self.user2, self.team2, True)
+        self._check_permission(self.user2, self.team, True)
+        # Regular internal user
+        if extra_checks:
+            self.user.groups_id = [(6, 0, [self.env.ref("base.group_user").id])]
+            self._check_permission(False, False, True)
+            self._check_permission(self.user, False, True)
+            self._check_permission(self.user2, False, True)
+            self._check_permission(False, self.team, True)
+            self._check_permission(False, self.team2, True)
+            self._check_permission(self.user, self.team, True)
+            self._check_permission(self.user, self.team2, True)
+            self._check_permission(self.user2, self.team2, True)
+            self._check_permission(self.user2, self.team, True)
diff --git a/sales_team_security/tests/test_sales_team_security.py b/sales_team_security/tests/test_sales_team_security.py
new file mode 100644
index 00000000..63dd2a6e
--- /dev/null
+++ b/sales_team_security/tests/test_sales_team_security.py
@@ -0,0 +1,95 @@
+# Copyright 2016-2020 Tecnativa - Pedro M. Baeza
+# Copyright 2021 Tecnativa - Víctor Martínez
+# License AGPL-3 - See http://www.gnu.org/licenses/agpl-3.0.html
+
+from lxml import etree
+
+from ..hooks import post_init_hook
+from .common import TestCommon
+
+
+class TestSalesTeamSecurity(TestCommon):
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.user_partner = cls.user.partner_id
+        cls.user2_partner = cls.user2.partner_id
+        cls.record = cls.partner
+
+    def test_onchange_parent_id(self):
+        contact = self.env["res.partner"].create(
+            {"name": "Test contact", "parent_id": self.partner.id}
+        )
+        contact._onchange_parent_id_sales_team_security()
+        self.assertEqual(contact.team_id, self.team)
+
+        contact2 = self.env["res.partner"].create(
+            {"name": "Test contact", "parent_id": self.partner2.id}
+        )
+        contact2._onchange_parent_id_sales_team_security()
+        self.assertEqual(contact2.user_id, self.user)
+
+    def test_onchange_user_id(self):
+        contact = self.env["res.partner"].create(
+            {
+                "name": "Test contact",
+                "user_id": self.user.id,
+            }
+        )
+        contact._onchange_user_id_sales_team_security()
+        self.assertEqual(contact.team_id, self.team)
+
+    def test_assign_contacts_team(self):
+        contact = self.env["res.partner"].create(
+            {"name": "Test contact", "parent_id": self.partner.id, "team_id": False}
+        )
+        post_init_hook(self.env.cr, self.env.registry)
+        contact.env.invalidate_all()
+        self.assertEqual(contact.team_id, self.partner.team_id)
+
+    def test_change_user_id_partner(self):
+        self.partner.write({"user_id": self.user.id})
+        self.assertIn(self.user_partner, self.partner.message_partner_ids)
+        self.assertNotIn(self.user_partner, self.partner_child_1.message_partner_ids)
+        self.assertIn(self.user_partner, self.partner_child_2.message_partner_ids)
+        # Change salesman
+        self.partner.write({"user_id": self.user2.id})
+        self.assertNotIn(self.user_partner, self.partner.message_partner_ids)
+        self.assertIn(self.user2_partner, self.partner.message_partner_ids)
+        self.assertNotIn(self.user_partner, self.partner_child_2.message_partner_ids)
+        self.assertIn(self.user2_partner, self.partner_child_2.message_partner_ids)
+
+    def test_change_user_id_partner_child_1(self):
+        self.partner_child_1.write({"user_id": self.user.id})
+        self.assertIn(self.user_partner, self.partner.message_partner_ids)
+        self.assertIn(self.user_partner, self.partner_child_2.message_partner_ids)
+        # Change salesman
+        self.partner_child_1.write({"user_id": self.user2.id})
+        self.assertNotIn(self.user_partner, self.partner.message_partner_ids)
+        self.assertIn(self.user2_partner, self.partner.message_partner_ids)
+        self.assertNotIn(self.user_partner, self.partner_child_2.message_partner_ids)
+        self.assertIn(self.user2_partner, self.partner_child_2.message_partner_ids)
+
+    def test_partner_fields_view_get(self):
+        res = self.env["res.partner"].get_view(
+            view_id=self.ref("base.view_partner_form")
+        )
+        eview = etree.fromstring(res["arch"])
+        xml_fields = eview.xpath("//field[@name='child_ids']")
+        self.assertTrue(xml_fields)
+        self.assertTrue("default_team_id" in xml_fields[0].get("context", ""))
+
+    def test_partner_permissions(self):
+        self._check_whole_permission_set()
+
+    def test_partner_permissions_subscription(self):
+        self.check_permission_subscribe = True
+        self._check_permission(self.user2, False, True)
+
+    def test_partner_permissions_own_partner(self):
+        self.user.partner_id.write({"user_id": self.user2.id})
+        domain = [("id", "in", self.user.partner_id.ids)]
+        Partner = self.env["res.partner"].with_user(self.user)
+        # Make sure the acces is not due to the subscription
+        self.partner.message_unsubscribe(partner_ids=self.user.partner_id.ids)
+        self.assertEqual(bool(Partner.search(domain)), True)
diff --git a/sales_team_security/views/res_partner_view.xml b/sales_team_security/views/res_partner_view.xml
new file mode 100644
index 00000000..1b70930c
--- /dev/null
+++ b/sales_team_security/views/res_partner_view.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo>
+    <record id="view_partner_form" model="ir.ui.view">
+        <field name="name">Partner form (with sales info in contacts)</field>
+        <field name="model">res.partner</field>
+        <field name="inherit_id" ref="base.view_partner_form" />
+        <field name="arch" type="xml">
+            <xpath expr="//field[@name='child_ids']/form" position="inside">
+                <field name="user_id" invisible="1" />
+                <field name="team_id" invisible="1" />
+            </xpath>
+        </field>
+    </record>
+</odoo>
diff --git a/setup/sales_team_security/odoo/addons/sales_team_security b/setup/sales_team_security/odoo/addons/sales_team_security
new file mode 120000
index 00000000..00ab9e3e
--- /dev/null
+++ b/setup/sales_team_security/odoo/addons/sales_team_security
@@ -0,0 +1 @@
+../../../../sales_team_security
\ No newline at end of file
diff --git a/setup/sales_team_security/setup.py b/setup/sales_team_security/setup.py
new file mode 100644
index 00000000..28c57bb6
--- /dev/null
+++ b/setup/sales_team_security/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)
diff --git a/test-requirements.txt b/test-requirements.txt
index 66bc2cba..12230e93 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1 +1,2 @@
 odoo_test_helper
+odoo-addon-stock-picking-line-sequence @ git+https://github.com/qrtl/axls-oca.git@refs/pull/120/head#subdirectory=setup/stock_picking_line_sequence